Categories: SecuritySoftware

Most Phishing Scams Fail But Enough Succeed

Ever wonder what percentage of people are clicking on those e-mails leading to fraudulent bank login pages? The answer is very little – more than enough for phishers to still make a killing.

New research from security firm (PDF) Trusteer shows that once users had been lured to a phishing site, some 45 percent entered their login information. These findings, taken during a three month analysis, are based on a sample of more than 3 million users of Trusteer’s Rapport browser security service that are customers of 10 large U.S. and European banks.

Each phishing attack compromises a very small number of customers (0.000564 percent), but due the large number of phishing attacks, the aggregated number is significant. Overall, 0.47 percent of the banks’ customers fall victim to phishing attacks each year, translating to between $2.4 million and $9.4 million in annual losses.

With that kind of money at stake, it is important both businesses and consumers learn to recognise phishing e-mails when they see them. In an enterprise environment, that process begins with training.

“Engage the user base when developing a training program (and) view training programs as marketing campaigns to sell security,” advised Rohyt Belani, CEO of Intrepidus. “Teach people through first hand experience (mock phishing exercises followed with instant training/feedback) rather than boring sessions and poster campaigns that couch do’s and don’ts.”

He also suggested rewarding users that consistently dodge phishing attacks, rather than simply penalising those that do not.

“People should have a basic level of suspicion associated with email and understand that just because the “from” address looks authentic, the email contains a personalised salutation and the content is in appropriate context that it is not necessarily where or who it claims to be from,” he told eWEEK. “This will instill a though process of evaluation before acting on email.”

However phishing scams are getting more difficult to detect all the time, particularly in cases of spear phishing, which are targeted attacks, noted Scott Crawford, an analyst with Enterprise Management Associates.

“Message filtration technologies help with this, but as far as awareness goes, users should consider just about any message suspect unless it contains detail that would only be known to the sender (and) recipient – and even then, a skillfully crafted attack can look very believable,” he said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

29 mins ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

59 mins ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

1 hour ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

2 hours ago

North Koreans Stole $1.34bn In Crypto This Year

North Korea-liked hackers have stolen a record $1.34bn in cryptocurrency so far this year, as…

2 hours ago

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago